6.7
CVE-2021-47765 - AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to bβ¦
6.7
CVE-2021-47764 - AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it into specific input fields to trigger application crashes and β¦
8.8
CVE-2021-47763 - Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection
Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.
8.5
CVE-2021-47762 - HTTPDebuggerPro 9.11 - Unquoted Service Path
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated accesβ¦
8.5
CVE-2021-47761 - MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts.
0.0
CVE-2021-47760 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate.
6.8
CVE-2021-47759 - MTPutty 1.0.1.21 - SSH Password Disclosure
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH cβ¦
8.7
CVE-2021-47758 - Chikitsa Patient Management System 2.0.2 - Remote Code Execution (RCE) (Authenticated)
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitraβ¦
8.7
CVE-2021-47757 - Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server.
8.7
CVE-2021-47755 - Oliver Library Server v5 - Arbitrary File Download
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files β¦